GrnEyedDvl
Active member
Well that is mostly used on linux servers. You can use it on the windows power shell, though I cant remember ever actually doing so. I probably should have asked earlier, but you are on a shared hosting package?
Cloudflare rule for securing admin.php?
- Thread starter Alvin63
- Start date
Sorry yes, shared hosting service. They won't accept a script for updating the IP addresses. I'm ok with manually updating them I could just do with some kind of email reminder when they change. Apparently Cloudflare don't do that but I believe there's another site that does - not sure which.
GrnEyedDvl
Active member
No. That /20 is the subnet. That is not a single IP address but several thousand IP addresses.
/20 is over 4000 IP addresses ................ so seems I can't whitelist them in IP Manager in server after all.
This is annoying. All along it's either been use htaccess or use zero trust and whitelist Cloudflare IP's (can't use a combination of both htaccess and zero trust apparently due to conflicts).
So am back to square one. Either use zero trust and accept the risk of not protecting against origin IP bad agent issues bypassing Cloudflare.
Or use ht access and lose the flexibility.
On the other hand - if I keep my VPN Static IP allowed in htaccess (instead of zero trust) then presumably I could use that IP from any device anywhere. But I guess there's a risk of being locked out if the VPN static IP cuts out.
This is annoying. All along it's either been use htaccess or use zero trust and whitelist Cloudflare IP's (can't use a combination of both htaccess and zero trust apparently due to conflicts).
So am back to square one. Either use zero trust and accept the risk of not protecting against origin IP bad agent issues bypassing Cloudflare.
Or use ht access and lose the flexibility.
On the other hand - if I keep my VPN Static IP allowed in htaccess (instead of zero trust) then presumably I could use that IP from any device anywhere. But I guess there's a risk of being locked out if the VPN static IP cuts out.
Last edited:
GrnEyedDvl
Active member
That is why I suggested doing it at the local server firewall. But since you are on shared hosting that probably is not possible.
Yep. Ok. I'm just going to stick with Zero Trust.
It seems a VPS server and full cloudflare is the way to cover everything but that's beyond my scope.
Been looking at this thread though. Has anyone configured a tiny proxy?
It seems a VPS server and full cloudflare is the way to cover everything but that's beyond my scope.
Been looking at this thread though. Has anyone configured a tiny proxy?
Last edited:
digitalpoint
Well-known member
It's another automatic thing you can do with my Cloudflare addon. Check XF Admin -> Cloudflare -> ProxiesYep. Ok. I'm just going to stick with Zero Trust.
It seems a VPS server and full cloudflare is the way to cover everything but that's beyond my scope.
Been looking at this thread though. Has anyone configured a tiny proxy?
Thank you. So that sounds good then.
So now I've set up the allow and bypass rules in Cloudflare - can I leave them? Or should I cancel them and start again with the app?
digitalpoint
Well-known member
If things are working, you don't need to change anything.
Ok I set two policies in one application (for admin.php) - one to bypass my ip, the other to allow my email. And one policy in another application for /install - to allow email only.
So there wouldn't be any conflict with that set up then? It's quick enough to undo if needed. I just wasn't sure if it might be better if everything was via the "group" in the addon.
So there wouldn't be any conflict with that set up then? It's quick enough to undo if needed. I just wasn't sure if it might be better if everything was via the "group" in the addon.
digitalpoint
Well-known member
Up to you... All the addon does as far as Zero Trust goes is setup the config. So if you already have a Zero Trust config that's working for you, no need to have it generate a new config.
